EntraExporter icon indicating copy to clipboard operation
EntraExporter copied to clipboard

Export of 'privilegedAccess/azureResources/resources' not working with P1 license

Open jbosloy opened this issue 1 year ago • 3 comments

In Get-EEDefaultSchema.ps1 'privilegedAccess/azureResources/resources', the IgnoreError string is set to: 'The tenant has not onboarded to PIM.'

When running the export with -All, I see the export fail on this endpoint with an error of: 'The tenant needs an AAD Premium 2 license.'

By changing the ignoreError string in this file, I can get the export to complete successfully.

If both error strings are possible under different conditions (e.g. a P1 license vs. a P2 license), perhaps in Export-Entra.ps1, the check against ignoreError could use a -match to allow use of a regex, and then ignore errors for this endpoint could be: (The tenant has not onboarded to PIM.|The tenant needs an AAD Premium 2 license.)

jbosloy avatar Dec 16 '23 22:12 jbosloy

I have the same error with an AAD B2C

kreestof1 avatar Jan 31 '24 02:01 kreestof1

Like #62, this sounds like an opportunity to add checks for relevant licenses and handle the error if not applicable.

SamErde avatar May 31 '24 13:05 SamErde

@merill and @snozzberries, do you think this is in any way related to Maester issue #195? The error and API path are both different, but the scenario feels similar: reading PIM information fails for application identities but works with delegated GA access.

SamErde avatar Jun 21 '24 14:06 SamErde